Skip Links

GoDaddy: We're ready to secure .com names with DNSSEC

Leading domain name registrar deploys DNS security extensions for .com-based Web sites

By , Network World
March 23, 2011 11:54 AM ET

Network World - With more than 47 million domain names under management, GoDaddy has a huge DNS infrastructure that it has upgraded to support the emerging Internet security standard known as DNSSEC for DNS Security Extensions.

GoDaddy's year-long engineering effort to prepare for DNSSEC is significant given that the Internet's most popular domain -- .com - will support DNSSEC by the end of March, according to .com operator Verisign 

BACKGROUND: Half of federal Web sites fail DNS security test

DNSSEC is an emerging Internet standard that allows Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption. DNSSEC prevents Kaminsky-style attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing.

The Internet's root servers at the top of the DNS hierarchy added DNSSEC support last July. More than 25 domains - including .gov, .org, .edu and .net - have enabled DNSSEC since then.

The next major milestone for DNSSEC is for the security standard to be enabled on the .com domain, which has more than 80 million registered names out of a total of 205 million registered names across all top-level domains (TLD), according to statistics from February 2011.

The world's leading domain name registrar, GoDaddy supports DNSSEC for six top-level domains: .org, .net, .us, .biz, .eu and .se. GoDaddy will add DNSSEC support for .com next week, when Verisign offers this add-on security service.

"Because GoDaddy handles a third of all DNS requests in the world, we have to be careful with anything we do," says Rich Merdinger, senior director of domain registration services with GoDaddy. "We put in a lot of due diligence and a long implementation time" for DNSSEC.

GoDaddy offers DNSSEC as part of its new Premium DNS offering, which also includes DNS hosting and secondary DNS. Premium DNS costs $2.99 per month for five domain names.

GoDaddy engineers wrote their own software to support DNSSEC in the company's homegrown Web-based Domain Manager and Systems Manager platforms.

"We offer a one-click solution where we handle key management and key rollover behind the scenes for the user," Merdinger says.

GoDaddy ran a seven-month trial of DNSSEC for .org names from June 2010 until February 2011, when the company announced its commercial Premium DNS service.

"We started small for the power-user types that were hosting their own DNS," Merdinger says. "It was a very small group, and it was literally early adopters who had the wherewithal to generate their own keys with their domains. We had less than 300 people participate in the early adopter phase. They were IT professionals who were attempting to learn about DNSSEC in the practical, real world."

Today, GoDaddy has around 400 customers of its Premium DNS service that are actually signing their domains using DNSSEC. "It's been a pretty gradual adoption; it hasn't come on like gangbusters," Merdinger says.

However, GoDaddy is anticipating this figure to rise when the .com zone is signed.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News